<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi,</p>
<p>I cannot connect with the Shrew Soft VPN client to libreswan 3.24 (the last
version that worked was 3.20) with PSK+XAUTH:<br>
</p>
<p><font face="DejaVu Serif">Jun 08 15:27:46 sol pluto[18056]:
packet from 192.168.10.170:33388: IKEv1 Aggressive Mode with PSK
is vulnerable to dictionary attacks and is cracked on large
scale by TLA's<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: Peer ID is ID_FQDN: '@'<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: responding to Aggressive Mode, state #3,
connection "tunnel8-aggr"[1] 192.168.10.170 from 192.168.10.170<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: STATE_AGGR_R1: sent AR1, expecting AI2<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: Peer ID is ID_IPV4_ADDR: '192.168.10.170'<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: received Hash Payload does not match computed
value<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: sending encrypted notification
INVALID_HASH_INFORMATION to 192.168.10.170:33388<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: next payload type of ISAKMP Hash Payload has
an unknown value: 218 (0xda)<br>
Jun 08 15:27:46 sol pluto[18056]: "tunnel8-aggr"[1]
192.168.10.170 #3: malformed payload in packet<br>
</font></p>
<p><font face="DejaVu Serif"><br>
</font></p>
<p><font face="DejaVu Serif">I tried to force phase1 parameters with
no success; I always get "</font><font face="DejaVu Serif"><font
face="DejaVu Serif">Hash Payload does not match computed
value". Any idea what the issue could be here? <br>
</font></font></p>
<p><font face="DejaVu Serif"><br>
</font></p>
<p><font face="DejaVu Serif">The log when connecting with version
3.20:</font></p>
<p><font face="DejaVu Serif">Jun 08 15:24:34 sol pluto[12290]:
packet from 192.168.10.170:33388: IKEv1 Aggressive Mode with PSK
is vulnerable to dictionary attacks and is cracked on large
scale by TLA's<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[1]
192.168.10.170 #3: Aggressive mode peer ID is ID_FQDN: '@'<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[1]
192.168.10.170 #3: switched from "tunnel8-aggr"[1]
192.168.10.170 to "tunnel8-aggr"<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: deleting connection "tunnel8-aggr"[1]
192.168.10.170 instance with peer 192.168.10.170
{isakmp=#0/ipsec=#0}<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: responding to Aggressive Mode, state #3,
connection "tunnel8-aggr"[2] 192.168.10.170 from 192.168.10.170<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: transition from state STATE_AGGR_R0 to state
STATE_AGGR_R1<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: STATE_AGGR_R1: sent AR1, expecting AI2<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: transition from state STATE_AGGR_R1 to state
STATE_AGGR_R2<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: new NAT mapping for #3, was
192.168.10.170:33388, now 192.168.10.170:40182<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: STATE_AGGR_R2: ISAKMP SA established
{auth=PRESHARED_KEY cipher=aes_256 integ=md5 group=MODP1024}<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: ignoring informational payload
IPSEC_INITIAL_CONTACT, msgid=00000000, length=28<br>
Jun 08 15:24:34 sol pluto[12290]: | ISAKMP Notification Payload<br>
Jun 08 15:24:34 sol pluto[12290]: | 00 00 00 1c 00 00 00 01
01 10 60 02<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: received and ignored informational message<br>
Jun 08 15:24:34 sol pluto[12290]: | event EVENT_v1_SEND_XAUTH #3
STATE_AGGR_R2<br>
Jun 08 15:24:34 sol pluto[12290]: "tunnel8-aggr"[2]
192.168.10.170 #3: XAUTH: Sending Username/Password request
(XAUTH_R0)<br>
<br>
</font></p>
<pre class="moz-signature" cols="72">--
Saludos / Regards / Cumprimentos
Anónio Silva</pre>
</body>
</html>